ldap_mod_replace() and ldap_modify() are _exactly_ the same. So, the comment that ldap_mod_replace() "performs the modification at the attribute level as opposed to the object level", has no root in reality.

Before you modify values in your ldap directory, first make sure that you have permission to do so. In openldap adding the following acl in slap.conf will allow the user to modify their own userpassword.